An effective risk management strategy never slows down an organisation down - it makes it go faster. The quantity of regulation one must deal with daily is growing, and if past trends are anything to go by is likely to accelerate. It is not just government regulation, but stakeholder and public and investor expectation as to governance and compliance place an increasing reliance on internal audit to deliver high quality assurance.
The risks faced today by organisations are not just the obvious ones but new, emerging risks across strategic, regulatory, financial and operational business processes. There are any number of risks in today's complex business environment, but the principal challenge lies in identifying the major ones. Once these are identified, an effective risk assessment strategy will then provide oversight that ensures management has proper and effective controls and processes in place to eliminate or mitigate these.
The cornerstone of risk assessment and management is a sound control system. This should forward organisational objectives of: promoting reliability of reporting, safeguarding of assets, compliance with laws and regulations, and efficiency of operations.
The starting block lies in helping organisations answer some key questions, such as:
- What are your key risks and how they are being managed?
- Do you have overlapping risk functions or gaps in coverage?
- What processes do you have in place to isolate key risks as they arise?
- What is the overall level of sophistication of your financial systems?
A rapid assessment of these questions allows us to integrate and improve risk controls
Here are some elementary symptoms of governance fatigue: Immature risk management processes results in boards not focusing on key issues or spending too much time on non-core issues; Ineffective corporate governance results in the incorrect balance between executive and non-executive directors, with key business challenges therefore never seeing the light of day; Inadequate controls and systems may result in wasted investment in new systems which fail to deliver the expected results.
In assessing the controls within an organisation, we look at:
- The overall control environment, including key business intelligence systems;
- Any significant deficiencies in accounting systems or personnel and how best to implement improvements;
- Processes to test the integrity of new or revised systems;
- Material deficiencies detected by external auditors, and the design of a corrective timetable.